#endif
slap_mask_t mask;
slap_control_t control;
+ const char *attr;
+ regmatch_t matches[MAXREMATCHES];
+
+ assert( e != NULL );
+ assert( desc != NULL );
+ assert( access > ACL_NONE );
- const char *attr = desc ? desc->ad_cname->bv_val : NULL;
+ attr = desc->ad_cname.bv_val;
- regmatch_t matches[MAXREMATCHES];
+ assert( attr != NULL );
#ifdef NEW_LOGGING
LDAP_LOG(( "acl", LDAP_LEVEL_ENTRY,
- "access_allowed: conn %d %s access to \"%s\" \"%s\" requested\n",
- conn->c_connid, access2str( access ), e->e_dn, attr ));
+ "access_allowed: conn %d %s access to \"%s\" \"%s\" requested\n",
+ conn ? conn->c_connid : -1, access2str( access ), e->e_dn, attr ));
#else
Debug( LDAP_DEBUG_ACL,
"=> access_allowed: %s access to \"%s\" \"%s\" requested\n",
- access2str( access ),
- e->e_dn, attr );
+ access2str( access ), e->e_dn, attr );
#endif
+ if ( op == NULL ) {
+ /* no-op call */
+ return 1;
+ }
+
+ if ( be == NULL ) be = &backends[0];
assert( be != NULL );
- assert( e != NULL );
- assert( attr != NULL );
- assert( access > ACL_NONE );
/* grant database root access */
if ( be != NULL && be_isroot( be, op->o_ndn ) ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "acl", LDAP_LEVEL_ENTRY,
"access_allowed: conn %d %s access %s by %s\n",
+ conn->c_connid,
access2str( access ),
ACL_GRANT( mask, access ) ? "granted" : "denied",
accessmask2str( mask, accessmaskbuf ) ));
assert( e != NULL );
assert( count != NULL );
+ assert( desc != NULL );
- attr = desc ? desc->ad_cname->bv_val : NULL;
+ attr = desc->ad_cname.bv_val;
+
+ assert( attr != NULL );
if( a == NULL ) {
if( be == NULL ) {
#ifdef LDAP_DEBUG
char accessmaskbuf[ACCESSMASK_MAXLEN];
#endif
- const char *attr = desc ? desc->ad_cname->bv_val : NULL;
+ const char *attr;
assert( a != NULL );
assert( mask != NULL );
+ assert( desc != NULL );
+
+ attr = desc->ad_cname.bv_val;
+
+ assert( attr != NULL );
#ifdef NEW_LOGGING
LDAP_LOG(( "acl", LDAP_LEVEL_ENTRY,
struct berval bv;
int rc, match = 0;
const char *text;
- const char *desc = b->a_dn_at->ad_cname->bv_val;
+ const char *attr = b->a_dn_at->ad_cname.bv_val;
+
+ assert( attr != NULL );
#ifdef NEW_LOGGING
LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1,
"acl_mask: conn %d check a_dn_pat: %s\n",
- conn->c_connid, desc ));
+ conn->c_connid, attr ));
#else
Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
- desc, 0, 0);
+ attr, 0, 0);
#endif
bv.bv_val = op->o_ndn;
bv.bv_len = strlen( bv.bv_val );
}
}
+ /* implicit "by * none" clause */
+ ACL_INIT(*mask);
+
#ifdef NEW_LOGGING
- LDAP_LOG(( "aci", LDAP_LEVEL_RESULTS,
+ LDAP_LOG(( "acl", LDAP_LEVEL_RESULTS,
"acl_mask: conn %d no more <who> clauses, returning %d (stop)\n",
conn->c_connid, accessmask2str( *mask, accessmaskbuf) ));
#else
#ifdef NEW_LOGGING
LDAP_LOG(( "aci", LDAP_LEVEL_DETAIL1,
"acl_check_modlist: conn %d no-user-mod %s: modify access granted\n",
- conn->c_connid, mlist->sml_desc->ad_cname->bv_val ));
+ conn->c_connid, mlist->sml_desc->ad_cname.bv_val ));
#else
Debug( LDAP_DEBUG_ACL, "acl: no-user-mod %s:"
" modify access granted\n",
- mlist->sml_desc->ad_cname->bv_val, 0, 0 );
+ mlist->sml_desc->ad_cname.bv_val, 0, 0 );
#endif
continue;
}
}
ber_bvecfree(bvals);
}
- ad_free(desc, 1);
}
}
ch_free(ndn);
{
backend_attribute(be, NULL, NULL, e,
subjdn, desc, &bvals);
- ad_free(desc, 1);
if ( bvals != NULL ) {
if ( bvals[0] != NULL )
set = ch_strdup(bvals[0]->bv_val);
}
done:
- if( grp_ad != NULL ) ad_free( grp_ad, 1 );
ch_free(grpdn);
ch_free(grpat);
ch_free(grpoc);
struct berval bv, perms, sdn;
char *subjdn;
int rc;
- char *attr = desc->ad_cname->bv_val;
+ char *attr = desc->ad_cname.bv_val;
+
+ assert( attr != NULL );
/* parse an aci of the form:
oid#scope#action;rights;attr;rights;attr$action;rights;attr;rights;attr#dnType#subjectDN
}
}
- ad_free( ad, 1 );
return rc;